Ethereal-users: Re: [Ethereal-users] Tethereal output format

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Sun, 9 Dec 2001 01:50:16 -0800
On Sun, Dec 09, 2001 at 11:39:42AM +0200, Gilad Benjamini wrote:
> Is there a way to print specific fields from each packet?
> I can get some of the fields using awk, but only those in the standard
> format tethereal provides.
> 
> e.g. for all IP packets, show me the srcIP, dstIP and IP identifier of the
> packet.
> 
> My "vision" is, that for any packet field I can filter by, I could use a
> printf-style format to print specific fields.

There is no mechanism to put arbitrary fields from the protocol tree
into the summary line.  It probably won't appear any time soon; it would
be too expensive if we always computed the protocol tree for every
packet when the capture file is read in (if you're using a read filter,
or a coloring filter, you have to do that - but at least you have the
choice of not doing so, and if people want to colorize packets based on,
say, the protocol of the packet, we may be able to add the ability to do
so without computing the protocol tree).

I would, instead, suggest running tethereal with the "-V" flag, and
writing a script to extract the data from that output.

We may, at some point, provide a way to write the full protocol
tree as output in a form more easily parseable by scripts (e.g., develop
an XML DTD for it).
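
The script approach suggested in the reply, sketched as an added example that is not part of the original message or the project's code. It pulls the source address, destination address and IP identification out of "-V" text by tracking which protocol section each indented field belongs to, so the Ethernet "Source" line is not mistaken for the IP one. The sample text and its line layout are constructed assumptions, and `ip_fields` is a hypothetical name.

```python
import re
import sys
# Constructed sample; the "-V" line layout is an assumption, adjust as needed.
SAMPLE = """\
Frame 1 (74 on wire, 74 captured)
Ethernet II
    Source: 00:00:5e:00:53:01 (00:00:5e:00:53:01)
Internet Protocol, Src Addr: 192.0.2.10 (192.0.2.10), Dst Addr: 192.0.2.20 (192.0.2.20)
    Identification: 0x1a2b
    Source: 192.0.2.10 (192.0.2.10)
    Destination: 192.0.2.20 (192.0.2.20)

Frame 2 (42 on wire, 42 captured)
Address Resolution Protocol (request)

Frame 3 (60 on wire, 60 captured)
Internet Protocol, Src Addr: host-b (192.0.2.20), Dst Addr: 192.0.2.10 (192.0.2.10)
    Identification: 0x0042
    Source: host-b (192.0.2.20)
    Destination: 192.0.2.10 (192.0.2.10)
"""

FRAME = re.compile(r"^Frame (\d+)\b")
FIELD = re.compile(r"^\s+([^:]+):\s*(\S.*)$")
WANTED = {"Source": "src", "Destination": "dst", "Identification": "id"}

def ip_fields(lines):
    frame, section, rec = None, "", {}
    for line in lines:
        m = FRAME.match(line)
        if m:                                   # new frame: flush the previous one
            if rec:
                yield dict(rec, frame=frame)
            frame, section, rec = int(m.group(1)), "", {}
        elif line and not line[0].isspace():    # unindented line opens a section
            section = line
        elif section.startswith("Internet Protocol"):
            f = FIELD.match(line)               # fields of the IP section only
            if f and f.group(1) in WANTED:
                key, val = WANTED[f.group(1)], f.group(2)
                # "name (address)" -> address; the id keeps its first token
                val = val.split()[0] if key == "id" else val.rstrip(")").split("(")[-1].strip()
                rec.setdefault(key, val)        # outermost IP header wins
    if rec:
        yield dict(rec, frame=frame)

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for r in ip_fields(text.splitlines()):
        print(r["frame"], r.get("src"), r.get("dst"), r.get("id"))
```

Run with the verbose output piped to standard input, or with no input to see the constructed sample parsed. Frames without an IP section, such as the ARP frame in the sample, produce no row.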